db-seed
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Data Exposure & Exfiltration (HIGH): The skill documentation includes hardcoded default credentials (admin:admin123) for the seeded application. Hardcoded credentials are a significant security risk if the seeded environment is accessible over a network.
- Privilege Escalation (HIGH): The skill includes instructions for aws dynamodb delete-table, which is a highly destructive administrative operation. If an agent executes this command without strict environment validation, it can lead to permanent data loss.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill references external local files (file://scripts/seed-admin.json, etc.) that are required for the commands to function but are not provided in the skill context, representing an unverifiable dependency for the data being ingested into the database.
Recommendations
- AI detected serious security threats
Audit Metadata